Security Engineer, Embedded Devices

Headquartered in the United States, TP-Link Systems Inc. is a global provider of reliable networking devices and smart home products, consistently ranked as the world’s top provider of Wi-Fi devices. The company is committed to delivering innovative products that enhance people’s lives through faster, more reliable connectivity. With a commitment to excellence, TP-Link Systems serves customers in over 170 countries and continues to grow its global footprint.

We believe technology changes the world for the better! At TP-Link Systems Inc., we are committed to crafting dependable, high-performance products to connect users worldwide with the wonders of technology. 

Embracing professionalism, innovation, excellence, and simplicity, we aim to assist our clients in achieving remarkable global performance and enable consumers to enjoy a seamless, effortless lifestyle. 

Overview:

The Security Engineer for Embedded Devices focuses on protecting cutting-edge embedded products by identifying and mitigating vulnerabilities. Key responsibilities include conducting penetration tests, performing threat modeling, and leading security risk assessments to ensure robust protection. The role involves managing incident response activities, driving product cybersecurity certifications, and developing specialized security tools to enhance testing efficiency. Collaboration with cross-functional teams is vital, with a focus on integrating security practices into the Software Development Life Cycle (SDLC). Additionally, the engineer will deliver security training, stay updated on global cybersecurity standards, and conduct audits to maintain compliance with industry regulations.

Key Responsibilities:

• Penetration Testing: Perform penetration testing on embedded products to identify vulnerabilities. Provide remediation recommendations and write detailed penetration test reports.
• Threat Modelling and Security Assessment: Perform threat modeling to identify and evaluate potential risks. Conduct comprehensive security risk assessments at architecture and functional levels to identify potential security weaknesses.
• Incident Response and Vulnerability Management: Lead incident response activities, including investigation, containment, remediation, and post-incident analysis. Coordinate with cross-functional teams to ensure effective resolution.
• Product Cybersecurity Certification: Analyze product security certification requirements and collaborate with cross-functional teams to achieve product security certification.
• Develop Security Tools: Design and develop various pen-testing tools, automated testing platforms, and scripts to enhance testing efficiency and accuracy.
• SDLC Integration: Participate in the development and improvement of the company's SDLC processes, ensuring security practices are integrated into all stages of product development.
• Global Cybersecurity Standards and Regulations: Interpret and stay updated on global cybersecurity standards and regulatory requirements. Develop security baseline and drive the implementation of security requirements within the embedded device.
• Security Training: Collaborate with teams to develop and deliver security training to product, R&D, and QA teams, ensuring best practices are followed to mitigate insider threats.
• Security Auditing: Conduct security audits to ensure compliance with cybersecurity standards (e.g., ISO 27001, NIST, GDPR) and regulatory requirements.

Required Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• Proven experience as a Security Engineer (Embedded devices) or in a similar role.
• Strong knowledge of protocol security design, cryptography, security frameworks and common vulnerabilities.
• Experience with security tools such as Burpsuite, Nmap, Kali, Nessus, Metasploit, IDA, Ghidra, etc.
• Capability to independently develop or customize new penetration testing tools and Fuzzing strategies.
• Ability to independently perform code audits or reverse engineering.
• Proficient in at least one programming language (e.g., C/C++, Python, Bash, or PowerShell).
• Relevant security certifications (e.g., CISSP, OSED, OSWP) are a plus.

Soft Skills:

• Excellent communication and interpersonal skills.
• Ability to work independently as well as collaborate with cross-functional teams.
• Strong attention to detail and commitment to maintaining high-security standards.

Salary range: $140,000 - $190,000

• Free snacks and drinks, and provided lunch on Fridays
• Fully paid medical, dental, and vision insurance (partial coverage for dependents)
• Contributions to 401k funds
• Bi-annual reviews, and annual pay increases
• Health and wellness benefits, including free gym membership
• Quarterly team-building events

At TP-Link Systems Inc., we are continually searching for ambitious individuals who are passionate about their work. We believe that diversity fuels innovation, collaboration, and drives our entrepreneurial spirit. As a global company, we highly value diverse perspectives and are committed to cultivating an environment where all voices are heard, respected, and valued. We are dedicated to providing equal employment opportunities to all employees and applicants, and we prohibit discrimination and harassment of any kind based on race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Beyond compliance, we strive to create a supportive and growth-oriented workplace for everyone. If you share our passion and connection to this mission, we welcome you to apply and join us in building a vibrant and inclusive team at TP-Link Systems Inc.